[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
- From: Darren McDonald <athena@xxxxxxxxxxxxx>
- Date: Wed, 26 Oct 2011 00:42:14 +0100
On 25 October 2011 23:36, William Reyor <opticfiber@xxxxxxxxx> wrote:
> Still possible when ssl connections are enforced?
>
Yes, because if an attacker is able read your system's memory then
they will be able to decrypt your SSL traffic by using your symmetric
encryption keys. I call this the encryption key sidejacking attack.
Renski
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/